TechRisk Notes#41: Singapore ransomware help portal + ESMA acknowledged DeFi's benefits
Plus, Jupyter Notebooks under attack, AI implications, ESMA acknowledged DeFi benefits and more!
Tech Risk Reading Picks
Singapore ransomware help portal: The Singapore Police Force (SPF), in collaboration with the Cyber Security Agency of Singapore (CSA), has announced its new ransomware portal during the Singapore International Cyber Week 2023 event. This portal supports ransomware victims in their recovery efforts and provides access to ransomware-related resources, including advisories, trends, and prevention measures to avoid ransomware attacks. [more][more-ransomware-portal]
Ransomware resistant: The UK National Cyber Security Centre (NCSC) introduced a new set of principles to strengthen the resilience of organisations' cloud backups against ransomware attackers. [more]
AI implications: Eric Schmidt, the former CEO and chairman of Google, underscored the swift progress of artificial intelligence (AI) and the critical need for a thorough understanding of its implications. While AI is advancing rapidly, it still grapples with unresolved issues such as algorithmic bias and ongoing legal disputes. Governments around the world must step up their regulatory efforts, although it remains a challenge to predict and preempt all potential misuses of AI. Eric pointed out that the solutions to these challenges include exercising greater control over open-source AI and implementing regulations for social media companies that involve labeling users and content. [more]
New malicious crypto-miners: Researchers from Cado Security Labs have discovered a new cyber threat targeting Jupyter Notebooks, a popular tool among data scientists and researchers. Threat actors are exploiting vulnerable online Jupyter Notebooks to gain unauthorized access to systems and deploy Qubitstrike malware. Their goal is to steal cloud service provider credentials and install cryptocurrency miners, potentially disrupting research. The attack involves phishing or social engineering to infiltrate systems, and a malicious script is used to run a cryptocurrency miner, create a backdoor, and hide malicious activities. Attackers can also do further harm, such as stealing data and interrupting research, and can exfiltrate data via the Telegram Bot API. [more][more-report]
PQC: Daniel Bernstein at the University of Illinois Chicago says that the US National Institute of Standards and Technology (NIST) is deliberately obscuring the level of involvement the US National Security Agency (NSA) has in developing new encryption standards for “post-quantum cryptography” (PQC). He also believes that NIST has made errors – either accidental or deliberate – in calculations describing the security of the new standards. NIST denies the claims. [more]
Web3 Cryptospace Spotlight
ESMA acknowledged DeFi benefits: The European Securities and Markets Authority (ESMA), the EU's financial oversight body, in a 22-page report, acknowledged DeFi's potential advantages like improved financial inclusion, innovative products, and enhanced transaction efficiency and security. Nevertheless, the report also emphasizes "significant risks," particularly liquidity risk linked to the speculative and volatile nature of many crypto assets. [more][more-ESMAreport]
The Fantom Foundation lost its private key: 17 Oct - The Fantom blockchain's foundation wallets were compromised on both Ethereum and Fantom, resulting in a loss of $470,000 on FTM and $187,000 on Ethereum. The breach was due to a zero-day exploit in Chrome. The stolen funds were moved to a wallet containing approximately $7 million worth of ether (ETH), and efforts are underway to trace and recover the lost funds. [more][more-2]
DeFi platform emptied: 19 Oct - Hope Lend, a DeFi platform, was drained of 528 ETH. Two individuals, one being a frontrunner who discovered the exploit and the other the original hacker, collectively stole the digital tokens. The successful attacker obtained 264 ETH and paid a 263 ETH bribe to an ETH validator. However, Hope.money, the developer of the DeFi protocol, tells a different story, claiming that a single hacker took 526 ETH from users' funds, paying 263.91 ETH in bribes to a validator allegedly managed by Lido Finance, resulting in a profit of 264.08 ETH. While the developer did not state the reason for the incident, on-chain sleuth Spreek suspected that the hack “seems to be related to WBTC [wrapped Bitcoin] decimals and rounding, similar to the Wise Lending hack recently.” [more][more-2]
Is Web3 overly complicated for regular people to adopt? Even Web3-savvy users and experts have fallen victim to hacks and scams. [more][more-2]